A remote node responds to a CHAP challenge with a hash value that is based on the stored password and the challenge message. The local router compares this response to its own calculation of the hash value; if they match, the remote node must have the correct password and authentication is successful. Otherwise, authentication fails.